1. Field of the Invention
The present invention relates to an RR (Return Routability) method, and more particularly, to an RR method which can guarantee stable communication through improved security.
2. Description of the Related Art
In Mobile IPv6 (Internet Protocol version 6), communication nodes on the Internet can communicate with one another while freely changing the networks to which they are linked. In Mobile IPv6, a communication node that can change its point of attachment from one link to another is called a mobile node (MN), and a communication node that is communicating with the mobile node is called a corresponding node (CN). The corresponding node may be either static or dynamic.
The mobile node, when moving from one link to another, can continue to communicate through its home address, which is an IP address allocated to the mobile node in its own home link. That is, while visiting a foreign link that is not its home link, the mobile node should be allocated a CoA (Care-of Address), which is the IP address associated with the mobile node on that link, and should inform the corresponding node of the CoA. Accordingly, when the mobile node leaves its home link and moves to a foreign link, it requires a binding update (BU) process for registering the CoA allocated to it with its home agent and the corresponding node.
FIG. 1 is a view explaining a BU process. Referring to FIG. 1, there are a mobile node 100 that has moved from its home link to a foreign link, a home agent 150, and a corresponding node 200. The home agent is a router on the home link with which the mobile node 100 has registered its present CoA.
The mobile node 100 registers its CoA with the home agent 150 and the corresponding node 200 through the BU process. After the BU process is completed, while the mobile node 100 is away from the home link, the home agent 150 intercepts packets on the home link that are destined for the home address of the mobile node 100, encapsulates them, and tunnels them so that they reach the registered CoA of the mobile node 100.
Before the BU process can be performed, however, an RR (Return Routability) process must first confirm that the mobile node 100 is a proper node that is entitled to perform the BU process. Through this RR process, the corresponding node 200 authenticates the mobile node 100. The RR process is carried out by the mobile node 100 exchanging the data needed for the BU process with the home agent 150 and the corresponding node 200.
FIG. 2 is a message sequence chart explaining the RR process.
Referring to FIG. 2, the mobile node 100 transmits an HoTI (Home Test Init) packet to the home agent 150 (S300), and transmits a CoTI (Care-of Test Init) packet to the corresponding node 200 (S320). The home agent 150 forwards the HoTI packet received from the mobile node 100 to the corresponding node 200 (S310).
The corresponding node 200 receives the HoTI packet and the CoTI packet, and authenticates the mobile node 100 accordingly. That is, the corresponding node 200 transmits an HoT (Home of Test) packet corresponding to the HoTI packet to the home agent 150 (S330), and transmits a CoT (Care-of Test) packet corresponding to the CoTI packet to the mobile node 100 (S350). The HoT packet includes a MAC (Message Authentication Code) hash value that incorporates a nonce value, and this value is used for authenticating the mobile node 100 during the BU process. The home agent 150 forwards the HoT packet received from the corresponding node 200 to the mobile node 100 (S340).
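The exchange of FIG. 2 and the check the corresponding node makes on the later BU, as an added example that is not part of the original text. The token, binding-key and authenticator formulas follow the Mobile IPv6 specification (RFC 3775), which the text above does not spell out; the addresses are constructed documentation-prefix values and the BU body is a placeholder byte string.

```python
import hashlib
import hmac
import ipaddress
import os

def _first(bits, data):
    return data[: bits // 8]

def keygen_token(kcn, addr, nonce, kind):
    """kind is 0 for the home token (HoT) and 1 for the care-of token (CoT)."""
    packed = ipaddress.IPv6Address(addr).packed
    mac = hmac.new(kcn, packed + nonce + bytes([kind]), hashlib.sha1).digest()
    return _first(64, mac)

def binding_key(home_token, careof_token):
    # Kbm depends only on the two tokens carried in the HoT and CoT packets.
    return hashlib.sha1(home_token + careof_token).digest()

def bu_authenticator(kbm, coa, cn_addr, bu_body):
    data = (ipaddress.IPv6Address(coa).packed
            + ipaddress.IPv6Address(cn_addr).packed + bu_body)
    return _first(96, hmac.new(kbm, data, hashlib.sha1).digest())

class CorrespondentNode:
    def __init__(self, addr):
        self.addr = addr
        self.kcn = os.urandom(20)        # node key, never leaves the CN
        self.nonces = [os.urandom(8)]    # indexed so the CN keeps no per-MN state

    def home_test(self, home_addr):      # HoT, returned via the home agent
        return 0, keygen_token(self.kcn, home_addr, self.nonces[0], 0)

    def careof_test(self, coa):          # CoT, returned directly to the CoA
        return 0, keygen_token(self.kcn, coa, self.nonces[0], 1)

    def verify_bu(self, home_addr, coa, h_idx, c_idx, bu_body, auth):
        # Recompute both tokens from Kcn and the nonce indices named in the BU.
        h = keygen_token(self.kcn, home_addr, self.nonces[h_idx], 0)
        c = keygen_token(self.kcn, coa, self.nonces[c_idx], 1)
        expected = bu_authenticator(binding_key(h, c), coa, self.addr, bu_body)
        return hmac.compare_digest(expected, auth)

def run_exchange():
    cn = CorrespondentNode("2001:db8:c::1")            # constructed addresses
    home, coa = "2001:db8:a::10", "2001:db8:b::10"
    h_idx, h_tok = cn.home_test(home)
    c_idx, c_tok = cn.careof_test(coa)
    body = b"constructed-BU-body"                      # placeholder BU contents
    auth = bu_authenticator(binding_key(h_tok, c_tok), coa, cn.addr, body)
    accepted = cn.verify_bu(home, coa, h_idx, c_idx, body, auth)
    # The same authenticator does not validate a binding to a different CoA.
    other_coa = cn.verify_bu(home, "2001:db8:e::66", h_idx, c_idx, body, auth)
    return accepted, other_coa
```

Because the binding key is derived from nothing but the two tokens, the check proves only that the sender received both the HoT and the CoT packets, which is why the confidentiality of those two paths matters.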
Meanwhile, a man-in-the-middle attack may be mounted between the mobile node 100 and the corresponding node 200, in which an attacker furtively observes the transmitted and received packets. The man-in-the-middle attacker may pretend to be the mobile node 100 by seizing the CoT packet coming from the corresponding node 200, or may obtain authority over the BU by seizing the CoTI packet.
FIGS. 3A and 3B are views illustrating various kinds of man-in-the-middle attacks that may be made during the related art RR process.
FIG. 3A shows a case in which a mobile node 100a and a home agent 150a share a router 50a on a network. In this case, a man-in-the-middle attacker can seize all the HoTI packets and CoTI packets near the router 50a.
FIG. 3B shows a case in which respective nodes 10b, 150b and 200b are connected to a network through ISPs (Internet Service Providers) 60a, 60b and 60c. In this case, a man-in-the-middle attacker located near the ISP 60c, to which the corresponding node 200b belongs, can seize all the packets transmitted to the corresponding node 200b through that ISP.
FIG. 3C shows a case in which the man-in-the-middle attacker is in the middle of a path over which packets are transmitted to the corresponding node 200c through the network. In this case, in the same manner as in FIG. 3B, an attacker who is on the path leading to the corresponding node 200c can seize all the packets transmitted to the corresponding node 200c.
As described above, various attacks can be made during the related art RR process, and if the man-in-the-middle attacker is near the corresponding node, it is much easier for the attacker to seize the packets transmitted to the corresponding node. Also, since all Mobile IPv6 communications are basically performed wirelessly, they are exposed to more threats from attackers than communications in a wired environment. Consequently, a new RR method that can improve security by preventing attacks during the RR process is required.